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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, nnay a reply be timely Tiled 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)K Responsive to communication(s) filed on 04 November 2005 , 
2a)K This action is FINAL. 2b)n This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-5 and 10 is/are pending in the application. 

4a) Of the above claim(s) 6 and 9 is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) 1-5,7,8 and 10 is/are rejected. 

Claim(s) is/are objected to. 

8)n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

§)□ The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (O- 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2.n Certified copies of the priority documents have been received in Application No. . 

3.0 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Response to Amendment 



1 . The Amendment, and remarks therein, received on 1 1/04/05 have been entered and 
carefully considered. 

2. The Amendment introduces new limitations into the originally sole independent 
claims 1 and dependent claims 3, 5, 7-8 and 10. The claims 6 and 9 have been 
withdrawn. 

The newly introduced limitation has required a new search and consideration of the 
pending claims. The new search has resulted in newly discovered prior art. New 
grounds of rejection based on the newly discovered prior art follow below. 

3. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 



4. Claims 1-5, 7-8 and 10 have been examined. 



Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 1 1 2: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 
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1. Claims 1-5, 7-8 and 10 are rejected under 35 U.S.C. 112, first paragraph, as failing 
to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the 
application was filed, had possession of the claimed invention. 

2. Claim 1 recite a new. negative limitation "without further mediation by the grantor" , 
which is not found in the specification. Any negative limitation or exclusionary 
proviso must have basis in the original disclosure. See In re Johnson, 558 F 2d 
1008, 1019, 194 USPQ 187, 196 (CCPA 1977). 

3. Claims 2-5, 7-8 and 1 0 are rejected by virtue of their dependence. 
Appropriate corrections is required. 

Claim Rejections - 35 USC § 103 

4. Claims 1-2, 4, 7-8 and 10 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Johnston etal. (W. Johnston and C. Johnston etal., "A use- 
condition centered approach to authenticated global capabilities: security 
architectures for large-scale distributed collaborator^ environments", 1997, ISBN: 
9290831205) in view of Birrell et al. (U.S, Patent No. 5805803). 

5. Johnston et al. teach a security model and architecture intended to provide general 
scalable and effective security services in open and highly distributed network 
environments in order to meet the objective of providing the same level of, and 
expressiveness of, access control that is available to a local human controller of 
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information and facilities, and the same authority, delegation, individual responsibility 
and expressiveness of policy that one sees in specific environments in scientific 
organizations The model is based on a public-key infrastructure and 
cryptographically signed certificates that encode use-conditions that are defined by 
those directly responsible for a resource ("Johnston et ai, Abstract). 

6. As per claim 1 Johnston et al. teach public-key certificates providing the mechanism 
of establishing identity and distributing the cryptographic information needed to use 
that identity for user and message authentication (Johnston et ai, 1A,3 
Infrastructure section). Johnston et al/s model emphasizes direct checking 
satisfaction of use-conditions imposed by a resource controller. The principals that 
control resources will establish a set of conditions for the user of the resources. 
These use-conditions are then encoded by the responsible party in signed 
certificates. Paired with the resource owner's use-conditions are the principals that 
can attest to the relevant attributes of a user or agent that is seeking access to a 
resource (Johnston et al., 2 A use-condition centered security model section). 

7. This reads on: "a creation of a grantor credential, the grantor credential identifying 
the grantor to a resource repository, and indicating to the resource repository the 
scope of access to at least one resource of the resource repository permitted to the 
grantor". 

8. Johnston et al. also teach delegation authority, wherein the particular authority (e.g. 
administrator (root)) delegates portions of their authority down the organizational 
hierarchy, with the authority to "act" becoming steadily more specific (restricted). 
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This authority delegation is traditionally accomplished through use a collection of 
signed certificates that may be traced through an unbroken chain of such certificates 
back to the root of authority (Johnston et al., 2 A use-condition centered security 
model section). The examiner once again points out that as cited above the 
certificate certificates providing the mechanism of establishing identity and 
distributing the cryptographic information needed to use that identity for user and 
message authentication and that they also comprise use-conditions encoded by the 
responsible party. The concept of "cascading" these certificates is clearly shown in 
Fig. 1. 

9. This reads on an issuance of a grantee credential, the grantee credential comprising 
the grantor credential and identifying to the resource repository the grantor, a 
grantee scope of access to the resource repository, where the grantee scope of 
access is limited to no more than the scope of access indicated by grantor 
credential. 

^O.Jollnston etal. teach implementation of the invention in network environment (e.g. 

LDAP/X.500, Jolinston et a!., 1.4.3 Infrastructure section, 1.5.6 Certificate 

Distribution section etc.). 
1 ^. Johnston et al. does not teach explicitly transmission of the grantee credential to the 

grantee via the computer network, 
M.Birrellet al. discloses transmission of the credentials to a grantee via the computer 

network (Birrell et al., col. 4 lines 35-64 and Fig. 1). It would have been obvious to 

one of ordinary skill in the art at the time of applicant's invention to include 
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transmission of the grantee credential to the grantee as taught by Birrell et si into 
Johnston et al/s invention. One of ordinary skill in the art would have been 
motivated to perform such a modification in order to provide remote means of 
authentication to the grantee (Birrell et si, col. 4 lines 35-51). 

13. The limitation: "whereby the grantee credential enables the grantee to request a 
validation by the resource repository of a request for access to the at least one 
resource issued by the grantee the request limited to access as authorized within the 
grantee credential by the grantor, and without further mediation by the grantor" is 
implicit since as discussed above, the purpose of the delegation of authority is to 
enable the grantee access resources that are within the limits of the grantor. In 
addition as shown in Fig. 1 and disclosed in "A use-condition centered security 
model" authorization is conducted without further mediation by the grantor. 

14. As per claims 2, 4 and ^0 Johnston ef a/.'s the grantee credential comprise an 
electronic signature of the grantor wherein the electronic signature comprises public 
key cryptography (Johnston et ai, Abstract and 2. A use-condition centered security 
model section) and revocation of the credentials (Johsnton et al, 2. A use-condition 
centered security model and Objectives of a prototype architecture sections). 

15. Claims 3 and 5 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Johnston et al. (W. Johnston and C. Johnston et al., "A use-condition centered 
approach to authenticated global capabilities: security architectures for large-scale 
distributed collaboratory environments", 1997, ISBN: 9290831205) in view of Birrell 
et al. (U.S. Patent No. 5805803) and further in view of Kotok et ai (Alan Kotok and 
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David Webber, 'The XMUedi Group's XML for E-business Initiative", 11/1999, 
tittp://www,xml. com/pub/a/1 999/1 1/edi/index2.html). 

^6.Jotlnston et al. in view of Birrell teach the security model as discussed above. 

M.Johnston et ai in view of Birrell do not explicitly teach that grantee credential is 
comprised within an XML document. 

18.Kofo/c et al. teach XML /edi standard that encourages business to invest in data 
exchange technology. Kotok et al. teach credential comprised in an XML document 
(Table liXMUedi Group's XML for E-Buisness Recommendations 3)) utilizing 
electronic data interchange message ((the implementation of the electronic data 
interchange message (edi) standard is discussed thought the article)) that are 
utilized in the business data exchange. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to comprise grantee credential an XML document and transmitting the 
grantee credential to the resource repository in at least one electronic data 
interchange message as taught by Kotok et al. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to accommodate 
business needs. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

FaietaL (U.S. Patent No. 6799177). 
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Applicant's amendment necessitated the newground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571)272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571) 272-3838. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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